I just recently installed ESX Server Version 3. Created about 5 virtual servers. Created two subnets. All works great except one issue I cannot get around. When I browse "Entire Network" on any machine that is on the ESX server I get "Domain is not accessible" "You might not have permission to use this network resource". All other Servers/Workstations on our domain can browse without issue.
ESX Server Machines are 2003 Server and XP Pro All service packs.
I allowed incoming and outgoing connections on the ESX firewall as a test but still have the same issue.
Could this be a virtual switch issue? I have created two. One for each subnet.
Thanks
That is a windows network problem - maybe check your windows network configuration.
The virtual Switches are dumb layer 2 switches although It should be that fact that the vmware tools installs shared folders by default. This part of the tools also prevents you from taking a non domain server and making it another domain controller on an existing domain. The server has to be joined to the domain first.
Try running the vmware tools setup, running modify and removing shared folders and see what that does.
EDIT - I just tried browsing the network from one of my XP VM's and it worked just fine and we have default tools install.
Next, Can you ping the domain name and netbios name from your VM's to ensure you are getting name resolution correct.
PS - out of curiosity, do you browse the network using network neighbourhood regularily? I always just jump right to the run like and put in
servername\sharename to browse...
After all these years I'm not quite sure why thats even a feature Microsoft still has implemented.
Message was edited by:
Rumple
Same server image for our standalone hardware based servers as our VM server machines. Why would the VM servers operate in a different manner? 20 Standalone servers all browse correctly with same image, 200 XP workstations all browse correctly. Just the XP machines on VM have this issue.
I installed a second ESX server as a test and installed Windows 2000 Pro without an image so straight from CD with SP4, updated via WSUS and still cannot browse. Same CD with patches installed on a standalone workstation can browse without issue.
Yes I can map drives and
server\share just fine within the VM servers and Workstations. However we have an app that uses the Network Neighborhood to locate a server. No config file to bypass this. I try "net view" but get the same error.
Message was edited by:
sseawell
Try running the vmware tools setup, running modify and removing shared folders and see what that does.
Not sure why it doesn't work...I have 3 hosts and 30 guests so far and no problems whatsoever with browsing (but i never use that way as its slower then using the run line, so maybe its not working sometime and I haven't noticed)
Well I saw this problem many times - and it was always a windows problem (by me), e.g. many pc installed from one image (w/o sysprep or newsid) and then changing only name and ip address, security config., ip masks, dns/wins problems, ...
Have your there windows domains, wins; have you tried to browse before you installed the last patches?
So after multiple test with physical vs virtual... the same result. No domain browsing with VM machines at all. I can take the same XP Pro image load it on a physical machine, domain browsing is available, then load it on a VM and the VM cannot browse the network. I have also tried this on multiple ESX host machines with same result.
Last hope before I open a support call.
The only thing I can think of then is something with the physical ESX connections not allowing broadcasts (since that is how desktops/servers identify other systems on the same network. Using a netbios broadcast.
I have 3 different virtual environments at different client sites using as low end as a dlink switch all the way up to the Cisco 4510. All 3 sites are able to browse the network using network neighbourhood.
Out of curiosity, have you tried not having the vmware tools installed to see if that makes any difference?
I will try without vmtools installed.
Thanks
As a basic test of communication, can you even PING from your VMs to another device (doesn't matter what type)?
The VMWare Tools has nothing to do with browsing the domain. Assuming your Windows setup is correct, then I'd be looking at the virtual swtich and physical switch configs. Are you running any VLANs?
Be sure your vSwtiches are setup correctly and that the virtual machines are attached to the vSwitches. The esxcfg-firewall command only affects service console communication and does not affect VM communication to the rest of the network.
The vmware tools can cause problems with domain functions though
http://www.vmware.com/community/thread.jspa?threadID=18782&start=0&tstart=0
I've experienced this as well, hench my comment about the shared folders component of the Tools...
Not likely the cause in this situation, but doesn't hurt to try
Out of curiosity, are you seeing and failured in the event logs of the vm or on the domain controllers?
This might be far fetched, but one of the settings I always disabled is always secure communications on the domain. I never set the domain to force secure communication due to our unix/mac systems...
\----- Original Message \-----
1. From Administrative Tools open Domain Controller
Security Policy 2.
Smile
3. Select \Security Settings\Local Policies\Security
Options folder. 4. In
the details pane, double-click Microsoft network server:
Digitally sign
communications (always), and then click Disabled to prevent
SMB packet
signing from being required. 5. Click OK. 6. In the details pane,
double-click Domain member: Digitally encrypt or sign
secure channel data
(always), and then click Disabled to prevent secure channel
signing from
being required. 7. Click OK.
1. Return back to "Enabled" secure channel ecnryption
requirement. SMB file
sharing has nothing to do woth it. Secure Channel is used by
domain member
computers to pass user authentication information to DCs.
2. There are companion settings "Digitally sign
communications (always)" and
"Digitally sign communications (when possible)" for both servers and
workstations